Testimony

On Unsolicited Commercial Electronic Mail Regulation

By Clyde Wayne Crews Jr.
May 10, 2001
Committee on the Judiciary
United States House of Representatives

I would like to thank the committee for the invitation to discuss H.R. 718, the “Unsolicited Commercial Electronic Mail Act of 2001,” introduced by Rep. Wilson, and H.R. 1017, the Anti-Spamming Act of 2001, introduced by Rep. Goodlatte. My name is Clyde Wayne Crews Jr., and I am Director of Technology Studies at the Cato Institute.

Overview

In the heated debate over the outpouring of unsolicited bulk email, otherwise known as “spam,” it’s important to remember that not every unsolicited message is evil incarnate. Despite the hysteria, the optimal amount of unsolicited commercial email is not zero. Sometimes, commercial email is friendly or otherwise welcome-yet unsolicited.

Unsolicited commercial mail can be annoying, but it probably tops out as a vice rather than a crime except in rather specific instances, such as when the sender is peddling fraudulent or phony goods, or is impersonating someone else in the message’s header information. Or perhaps a sender might be breaking a bulk-mailing contract he has made with an Internet Service Provider (ISP).

Laws supposedly designed to halt spam can do more harm than good, especially on an Internet that has yet to even hit on a successful marketing model. That is not to say that spam is the road to success: rather, legislation can have unintended consequences that otherwise harm commerce regardless of any impact on spam. Notably, a recent report expects eighty percent of San Francisco’s remaining dot-coms will fail over the coming months. Banner ad click-thoughs are down, as is the money spent on such marketing. Unsolicited email may be an annoyance to many of us, but it’s also a part of a larger picture in which companies and entrepreneurs are groping for ways to keep the Internet’s services and options growing while making a profit.

It’s not apparent that businesses that are selling legal and legitimate products have any less right to use email than anyone else. The Internet as it exists today is a public, open system and none can legitimately claim a right to exclude others and have the medium regulated on their behalf. However the government must protect citizens against force and fraud.

As this testimony argues, with solutions available and improving on the sender, ISP and user side and even hints that the spam problem is stabilizing, legislation is not wise, especially when it’s considered that Internet communication itself is still a moving target; email is just one manifestation. Government should not use the novelty of the technology to justify intervention, especially when there’s plenty of novelty to come. Conditions are changing every day. We don’t have all the answers to the spam problem, and interference now can impede superior solutions to the dilemma that are emerging.

Besides, if the idea is to target the most annoying kinds of spam (LOSE WEIGHT FAST!; MAKE MONEY AT HOME!; XXX! ), spam laws simply will not be enforceable. The bad guys will just go offshore, out of the reach of legislation, and the effect of a spam law will simply be to create mischief and regulatory hoops for mainstream companies who typically are not the greatest offenders. Legitmate companies will end up being targeted, with small business likely taking a lot of the brunt of the rules. As will be described, reputable companies are embracing opt-out-and often opt-in-policies of their own accord, and the phenomenon of “permission-based” email—which looks a lot like spam but is actually friendly fire, so to speak (with enviable click-through rates!) is on the rise.

Not all unsolicited commercial email is created equal. Nor are ISPs, who would be given legislative immunity for “good faith” efforts blocking and policing what they believe to be spam, even in the absence of customer consent, and in spite of what might otherwise have been negotiated privately. That will create confusion and a legislative nightmare. As noted, the market is already embracing permission-based emailing. It’ll resemble spam to many ISPs for sure. Government should enforce private contracts regarding the delivery of such bulk mail, not dictate what the terms should be or allow one party to set the terms unilaterally.

Spam is just marketing. And there are different levels of spam “guilt.” Spam is much less invasive than door-to-door selling, but we don’t outlaw that. It’s best to allow people to decide for themselves whether or not to entertain sales pitches. To the extent unsolicited communication is responsible for growth of the Internet and future communications options, hindering unsolicited mail could hamper access for many; a government created digital divide.

How Big is the Spam Problem?

It certainly easy to see why spam is widely used by the unscrupulous. It’s as easy to send a million emails as it is to send one. Some organizations like CAUSE find that spam accounts for about 10% of all email. Others have estimated it to be up to one-third of traffic. A recent and frequently cited study by the EC seems to indicate the problem isn’t as big as it used to be, that “It is safe to say the spam phenomenon is now in decline,” and that spam had its “heyday between 1995 and 1998.”1

Spam clearly remains problem but it’s one ripe for political mischief, as legislation proposed can be more problematic than spam itself. The debate thrives on loaded language, like the word “spam” itself, or in the description of marketers collecting emails as “harvesting.” Some seem to detest Internet commerce as a worldview. But commerce and a commercialized Internet are critical to expanding online services, and access itself.

Private Means of Coping With Spam

It is worth reviewing some of the means of coping with spam in play today and on the horizon, because they help illustrate why legislation is unneeded and also highlight some of the problems that legislation can create by changing the rules midstream in an adapting marketplace.

Individuals’ Tools to Attack Spam:

The basic instructions to Internet users still apply: Read the fine print before filling out forms; don’t post your email address on Usenet posting or in chat rooms (even “munging” the address with an insert like NOSPAM won’t protect an email for long2); try to avoid posting your email on your website. If need be, set up set up separate “junk” email account to use in online interactions. Finally, don’t respond to spam, even to ask to be removed since this is often just a trick to assure that an email address is live. Instead, report and send the spam, either your ISP (which reports it to the spammer’s ISP and which might help since most ISPs have “no spam” stipulations as part of their terms of service) or to a service like SpamCop.

There are other preemptive strikes that can be taken against unwanted mail. For example the Direct Marketing Association runs a list (at http://www.e-mps.org/en/) that Web surfers can visit and sign into to have their names removed from emailing lists. DMA member companies must abide: “All DMA members who wish to send unsolicited commercial e-mail must purge their e-mail lists of the individuals who have registered their e-mail address with e-[Mail Preference Service].” The service is even capable of blocking business-to-business email, not just consumer email.

Of course, legitimate businesses that are part of the DMA aren’t the chief culprits. Most spam comes from companies that are by no means DMA members.

Beyond such pre-emptive moves, email filtering is a common tactic. Email filters can do a number of things: They can block by sending to a separate folder, or even delete emails altogether. They can block based on the sender’s email (called “blacklisting”), or they can block based on words in the subject line or body. Online email services will often send email to a “bulk folder” if the email is not specifically addressed to you, but instead contains numerous addressees. The Hotmail email system, for example, makes spam easy to deal with, even though the system is quite susceptible to spam. Bulk mail goes into a special folder and is held there for two weeks and then automatically deleted. During that time, the user can open the folder and scan for legitimate mail that shouldn’t have been sent there. Rather than reading any of the spam, a user need only note legitimate messages and click the “This is not bulk mail” button. Those messages will never be sent to the bulk bin again.

Increasingly, consumers can configure email to accept only some addresses (whitelisting). If consumers so choose, the default can increasingly evolve from today’s “everything comes in unless you say ‘no’ ” to “nothing comes in unless you say “yes.’” Spamcop, for example, offers white lists or safe list filters, and these can be integrated with existing email accounts.3

Email tools for kids, such as that provided by email-connection.com, can be set up so that a child can send only to parent-approved recipients. Of course, problems of children’s unattended use of the Internet go well beyond email. But even here there are solutions, and some have opted to join private networks altogether, such as eKids Internet and JuniorNet, where only members of the network itself, not the public Internet, participate-yet many of the features of the public Internet are duplicated through partnerships.

Aside from standard filtering, there are two main methods to block spam that could emerge, and already have to certain extent: passwords and postage. These tools are truly novel, removing even the argument for opt-out requirements. While filtering will zap some innocent emails, password and postage systems hold the promise of getting around that problem. One programmer offers a system for Unix users by which the sender gets an autorespond message containing a password when he sends an email, if he is not listed in the recipients “privileges database.” He must then respond with the password in the message. The initial autorespond states, “Spam foiling in effect. My email filter autoresponder will return a required email password to users not yet in the privileges database.”4 That blocks spam, which is automatized.

One company called MailCircuit offers spam-free email services on what it calls its “Handshake System” to assure that “If you don’t want it, you do not have to receive it…Our Mail Verification Program stops unwanted mail period.”5 By this unique method, when an email comes to a recipient, the sender is sent a message by the system asking for a unique response. If they reply, they are added to the friends list and future messages go through. Again, since spam is automatized, this process usually stops it.

As seen in the next section, techniques for ISPs to share “postage” with legitimate emailers is on the rise. There could also be mechanisms by which individuals are paid postage for receiving unsolicited mail (remindful of the often seen notice from sellers on eBay: “I accept PayPal.”), and could waive the fee in certain cases, particularly if the system were to expand beyond commercial email to encompass all “unknown” emailings.6 What an innovation it would be for individuals rather than the USPS to collect postage! As they are now starting to do with commercial mailers, ISPs may be able to help facilitate postage for individuals.

ISP Tools to Attack Spam:

Paralleling those used by consumers, various ISP filtering options are in play (XXX; For Immediate Release!; Earn Money Fast!). ISPs are also able to block bulk mails that come from dial up accounts, which many spammers employ in order to hide their header information.7

ISPs also block known spammer directories such as the MAPS “Realtime Blackhole List.” Blacklisting can lead to problems, but it is a perfectly legitimate exercise of property rights. Disputes arise because some bulk mailers regard this as vigilante behavior. Legislation would likely have some impacts on this option; but it’s by no means clear that legislation is a good substitute for it.

Increasingly there appear to be ways emerging for ISPs to shift some of the costs and inconvenience of spam back to the spammer. One option is for ISPs to develop ways to start charging for commercial emails. Already, a company called ChooseYourMail “charges advertisers a delivery fee which is shared with the ISP. This enables the ISP to defray rising mailserver costs and help keep monthly access fees low for their subscribers.”8 This fits in the vein of request marketing that is changing the commercial mailing industry. Such pay systems help shift the burden back where it needs to be and represent the first steps toward “postage” for commercial email.

ISPs and technology providers may need to “collude” to implement these systems on a wide scale, and they must be allowed to experiment.

Notably, privately owned networks like eKids don’t experience significant shift-the-burden problems with spam. Commercial email policies would be spelled out to ISPs who join (or establish) such networks. And the question of who bore the costs, rather than being answered by legislation from Washington, D.C., would be resolved by contract. Some networks may disallow “spam” altogether. Of those that permit it, some may require spammers to pay fees to account for the strain they place on networks. Or, network owners could require that member ISPs maintain certain capacity.

“Peer Pressure” On The Bulk Mail Industry Is Addressing Spam

Permission-based email will grow, and it represents a mounting source of peer pressure on the commercial mailing industry to make mail less intrusive over time. The market needs to adjust to these new realities. Indeed, there is a cottage industry devoted to spelling out the difference between permission email and spamming.9 Permission mailing is praised widely:

Permission email has been identified as the next generation of Internet marketing. Enjoying significant click-through rates over banner ads and other forms of online marketing, it has experienced phenomenal industry growth and has led Jupiter Communications to predict that commercial email marketing will become a $7.3 billion business by 2005. Forrester Research reports email use accounts for over 35% of all time spent on the Internet and estimates that 50% of consumers will be communicating via email by 2001. Clearly, permission email has emerged as one of the most powerful Internet marketing mediums ever.10

Third party stamps of approval are on the rise as bulk mailers seek to legitimize themselves. As Removeyou.com head Thomas Brock to told the Wall Street Journal, “We are not here to kill the spam industry. We are here to save it. We are simply forcing the bulk-mail industry to do the right thing.”11 His group maintains a list of people who don’t want to be spammed. When individuals forward a spam to Removeyou, they contact the spammer and invite them to join Removeyou.

Problems with Government Regulation of Spam

Given all such developments, it’s apparent that the market is moving toward solutions for a spam problem that may in fact have stabilized. The prospects are good, and legislation intended to target specific areas can have unintended effects that bleed over and hinder superior private solutions as well as online commerce and consumer access to growing online services. It’s not enough just to have an aversion to spam, and then feel that’s all we need to know. The legislative cure can be worse than the disease. And it can bring a lot of expensive enforcement and litigation costs in the areas covered below, in the bargain. It’s not even clear that all the voices are being heard in the debate. Most small businesses are not on the Internet, and it’s not clear that they would have an easy time meeting legislative hurdles.

Ironically, in fact, it is the government’s mandate that cell phones incorporate 911 location capability that swung the door open to spam in that particular arena, which promises to be a real hot-button spam issue in the near future. The mandate is costly, and the best way for manufacturers to pay for it is to allow marketers access to customers. Nonetheless, the industry’s trade association, sensitive to outrage and its impact on profits, is adopting an “opt-in” approach of its own accord that would assure no customer gets pitched unless he permits it. It’s noteworthy that even when government “subsidizes” unsolicited mail, peer pressure kicks in to control it.

Most legitimate vendors are increasingly offering opt-out. Laws will be unenforceable as far as the most offensive material goes, as these relocate overseas. Much spam already originates from Pacific rim nations, for example.12

What Will Count As Spam?

Spamming used to refer to individual behaviors, in which users would post the same message to numerous newsgroups.13 Will the definition of what counts as commercial spam change? It is conceivable that, in the wide universe that is the Internet, spam could come to mean not just “unsolicited commercial” email but other things unsolicited.

It is not clear what ultimately will count as “unsolicited commercial” email. What if a reputable company sends mail unasked, but provides return address and removes your name when you ask? That presumably will remain legal in the the legislation at hand. But that could easily change on the floor. And certain activists who hope to profit from “consulting” on email issues are pushing aggressively for opt-in laws that would outlaw initial contacts altogether-a clear constitutional problem, as well as a death sentence for electronic commerce (particularly for small firms). Mandatory opt-in for mail has serious free speech implications. Nonetheless some consumer groups in this round of hearings are reiterating the call for a “federally mandated ‘opt-in’ policy on commercial email.”14 That pressure will not go away, and legislation now is the camel’s nose under the tent.

As it stands, the legislation defines a “commercial electronic mail message” as one that “primarily advertises or promotes the commercial availability of a product or service for profit or invites the recipient to view content on an Internet web site that is operated for commercial purpose.” This is quite a loose definition. What counts as “primarily”? And most newsletters, which often are not primarily commercial, include links back to websites that are often run for profit. What about electronic newsletters from actual media services, such as the Industry Standard, whose emails contain advertisements and links between stories? It is unfair to treat ads differently just because they happen to be part of a news service, and someone will inevitably point that fact out. The media business is for-profit, after all.

What about organizations that are primarily informational in nature, perhaps even labors of love, say a gardening website, that allows sponsors to insert brief advertisements in email newsletters. Spam legislation could have a detrimental effect on such electronic newsletters. Given the penalties proposed in the legislation at hand, there are clearly incentives to go on “spam hunts,” looking for evil embedded within every email.

In such an environment regulation could lead to even more spam, somewhat disguised. Spam legislation could lead to our receiving “public service announcements,” that happen to include an offer for a product somewhere down the line. Other questions regarding spam include; what is to be the status of political emailings? Some may get more junk mail from their congressman than they do from spammers. Rep. Goodlatte mentioned “chain letters” in his testimony.15 Would those be subject to legislation? What about forwarded jokes? Gartner has referred to such potentially nuisance mail as “occupational spam.” So the broadening of what gets classified as spam may not be that remote a possibility.

Super-Contractual Immunity for ISPs Will Distort Emerging Internet Markets

Legislation proposes to allow blocking as well fines by ISPs “that establish a policy.” ISP spamming policies are fine, but they should be private contractual matters, not set from above in federal law. This amounts to an unwarranted federalization of contracts. Besides, there are now well over 5,000 ISPs in operation, which could create a patchwork nightmare as they implement federal policy.

If ISPs are given too much power to decide what is spam and to unilaterally block it, with immunity, they will inevitably block legitimate transactions that consumers want. Many legitimate communications can easily be confused with spam. ISPs are given “good faith” immunity in the bill, but that gives them too much ability to simply reject forwarding messages when it suits their purposes (and the Internet already suffers from a separate class of related traffic-sharing problems that must be worked through by voluntary means). The legislation gives ISPs financial incentives to block spam since doing so helps them relieve pressure on their networks.

Legislation should not come between what are complex relationships between companies, ISPs and users. Government can’t just rubber-stamp random ISP blockages that they otherwise would need to negotiate to secure, and then on top of that facilitate the blocked party’s potentially being sued. And it’s certainly not clear that consumers would even want ISPs to block, even on good faith, since it takes away the assurance that permission-based emails would get delivered. Indeed, an amendment to the version of H.R. 718 marked up in the House Energy and Commerce Committee gives a sweeping opt-out right to ISPs, allegedly similar to the one given consumers.16

As noting in recent testimony in the Senate with regard to related legislation, small ISPs and customers could get cut off without their knowledge:

[W]e are concerned about reports that ISPs, in their eagerness to help their subscribers avoid receiving unwanted UCEs, may block emails that subscribers not only want, but have specifically contracted to receive as part of an electronic business relationship…[The bill] does nothing to prevent this from happening, and does nt even require ISPs to give notice to consumers that they intend to block, or that they have blocked, the transmission of e-mail either in general or from particular senders.17

Some marketers may favor this policy, but it also seems quite possible that this legislation could disrupt permission-based email alternatives just as they are emerging. Will the ISP know, care, or bother to keep track of the fact that a consumer signed up for information from Sears, Gap or Tower Records offline? Will an ISP block mailings from Scott’s Lawn updating consumers on when to throw fertilizer and grass seed? Or another example; if by breaking the shrinkwrap and lid on software, I accept the software’s agreement and it “phones home,” that should be acceptable as consent for emails I later receive. It is not legitimate for ISPs to intervene (with immunity) in any private emails unless authorized. Especially as friendly commercial email traffic rises, regulation could create more problems than solutions. It’s vital that emails that consumers have contracted to receive are never blocked. Often, these could contain critical or time sensitive information (such as financial data). Similarly other kinds of innocent bulk email, like letters sent from trade associations to members, could be captured in error.

Opt-in or opt-out arrangements already made in the offline world that customers seek to transfer to the Internet are plainly put at risk. If permission was granted offline (or even online), how would ISP know? Under the proposed legislation, they can block it, and not even let the intended recipient know they’re doing it. The bill in this way interferes with the emergence of permission based marketing since, according Jerry Ceresale of DMA, it “doesn’t account for prior relationships.” The legislation doesn’t make clear how ISPs will be aware of and honor prior relationships, and there’s no sense that it appreciates the fact that such arrangements will increasingly be made routinely, and there appear to be no real incentives for an ISP to investigate or keep track.

Clearly the existence of a “pre-existing” relationship like that specified in H.R. 718 may not be as straightforward to obtain as supposed. And it could lead to a scramble by companies otherwise indifferent to collect personal data hastily that they otherwise may not have bothered to obtain. (H.R. 718, for example, would take effect 90 days after enactment.) There’s nothing necessarily wrong with accumulating such information, but it seems counter to the spirit allegedly motivating this legislative push.

A better solution all around may be for ISPs to look for ways to charge for commercial emails that are not on a white list. Legislation could have the effect of shifting wealth artificially and permanently toward ISPs, when the market might otherwise move us toward a system whereby consumers get paid instead for each unsolicited commercial mail they accept. The consumer gets nothing if the ISP gets to reduce traffic unilaterally—and could even be harmed. This is not to say the consumer is entitled to such payment—merely that such an outcome is a logical resolution of the spam problem and a regulatory “solution” could foreclose what could be a tremendous opportunity.

And again, ISPs are not all created equal, and some are even spam-friendly. Clearly not all favor the federal granting of power to ISPs. Indeed, the good faith clause could allow an ISP to block out a smaller competing ISPs who may be accused, legitimately or illegitimately, of being a source of spam.18

Identification Requirement Creates Problems

There are also potential problems with establishing what will qualify as “clear and conspicuous” identification of spam. Spam is already usually immediately obvious to the recipient, a kind of background noise.

The intent here seems to be to aid spam filters, but that might not be the result. Filtering technologies could move in directions that would be impeded by mandatory identifier information. There may be possible conflicts with other species of identifiers that may emerge for solicited commercial mail. It could also interfere with “preview screen technology used by many consumers to rapidly screen messages and their content.”19 Besides, it would likely require legal counsel to certify for a business what counts as clear and conspicuous, leading small or reluctant businesses to avoid email altogether.

Identifiers could hurt small businesses as well by unfairly stigmatizing unsolicited mail generally; Identifiers would likely fail to distinguish between XXX and, say, home gym equipment or flower seeds. Identifiers could also cause confusion where messages are only partly commercial.

Potential Impacts on Emerging Messaging Technologies

The desktop is only one means of accessing the Internet, and it is entirely conceivable that over time it will decline significantly in importance relative to mobile, remote, and other devices (handhelds, cell phones, the Carrier/GE thermostat, automobiles, etc.)

These are struggling industries, and marketing will be required for these devices to proliferate, and legislation impeding commercial email could stall them. Strategy.com, for example, one of the most prominent outfits whose business plan included offering targeted services to consumers over remote devices, is facing severe hard times in a skeptical venture capital environment. Artificial restrictions on commercial email are the last thing companies like this need.

Recall that, at bottom, what’s being proposed with spam legislation is the further regulation of communications; email just happens to be the format of the day. It’s unclear what the impact of legislation would ultimately be on services like Instant Messaging (since the compact nature of IM may not lend itself to opt-out and other messages), the eventual wireless Web, peer-to-peer interactions, and services like Fax4Free.com or eFax. Even the adoption of pop-up ads on the Web would be suspect under spam legislation. After all, no one explicitly asks for these. Spam legislation limiting emailing could unintentionally promote these in the short term-and then lead to yet another backlash.

Pathway for Ill-Considered Privacy Legislation

One of the worries is that spam violates privacy. Spam is not primarily a privacy issue in the sense of personally identifiable information about you being known. The real spammers who use data robots to harvest emails off newsgroups and websites typically don’t know anything about you. But if legislation imposes opt-in and/or opt-out policies, it paves the way toward a broader privacy bill that could have several negative effects.

Tools to secure Internet privacy are improving all the time, with new browser technologies that police web sites according to user preferences just one of many options available to consumers. There is no one level of privacy preferences that consumers share, and no government rule capable of acknowledging that fact.

Levels of privacy protection are properly competitive features, therefore markets are necessary to provide the mix people desire. All government needs to do is enforce privacy contracts when they are violated.

Privacy legislation, particularly the “opt-in” variety that spam legislation seems to admire, also violates free speech: yet if corporate free speech is a target, will media speech also be in the crosshairs? Privacy is a key value and people want it protected. Ultimately, the question is, who provides the best discipline: markets or politicians?

Unintended Impacts on the Right to Anonymity and Free Speech

Free speech for the sender

Spam is, at bottom, merely advertising. And business speech is still just speech. There is a problem in saying that we shall enjoy the freedom to contact or visit companies anytime we like, but they can’t contact us. Even the opt-out requirement in the legislation can be problematic: does it preclude all future contact from a company by email—or just contact about a particular subject or offering? It’s certainly fine for consumers to effect complete blackouts from companies if they like. But implementing this with federal legislation appears to be overly heavy handed, and better left to emerging contractual relationships.

Plus, the precedent set would be troublesome: Could advertising restrictions pop up elsewhere, such as on the new Web pop up ads?

Free speech for the public

Goodlatte’s H.R. 1017 would ban using false email return addresses in commercial email, as well as software capable of hiding such information. The requirement that valid header information be featured has significant implications for free speech.

It can be very simple, thumbnail-sized code indeed that forges the “from” line of an email.20 Individuals should retain the right to safeguard their anonymity by such means.21 It just happens to be the case that the very techniques that facilitate spam can also protect individuals’ identity. It is a mistake to criminalize bulk messaging software. Yet H.R. 1017 could make such simple but critical software illegal.

Right now the Internet, especially as we sit on the cusp of a revolution in peer-to-peer networking, is one of the only unregulated, open-to-all forms of communication we have. The benefits of leaving it alone, despite problems with some of the “communicators” that populate cyberspace, vastly outweigh the potential costs.

In a way, the spam debate helps illustrate that the underlying crucial Internet debate is really not the one about privacy that gets all the media attention these days. Rather, the real question is whether government will allow individuals to remain anonymous when they actually have the technological means to do so. As strange as it may sound, “spam” and the use of “spamware” are means by which individuals can maintain a cloak of anonymity. For example, Spam Mimic is a Website that disguises a message by making it look like spam so that “sniffers” might be more likely to ignore it.

At the very time the concern is to enhance privacy on the Internet, it’s unwise to criminalize uses of software that hide headers, or source and routing information. Consumers may seek these for privacy reasons. Spam legislation that impedes anonymity and individuals’ attempts to protect their privacy would be taking away with one hand what government proposes to give with the other. Here, the federal government would be artificially harming privacy, and setting the stage for unnecessary privacy regulations.

This is the kind of unintended consequence that can emerge when governments try to leapfrog the fact that we still have a lot of learning to do.

Loophole Mess

Loopholes in legislation, which could easily emerge from the give and take that will characterize a spam bill on the floor, can have unintended consequences. What if a loophole explicitly permits certain kinds of bulk mail that emerging market institutions would have chosen to shut out?

Unreasonable Penalties

Rep. Chris Cox (R-California) has argued the fines stipulated in the Wilson bill are in excess of the actual harm done by the typical spam. And it seems that $500-per remedies (up to a $50,000 maximum) would be off-putting to small businesses, and essentially keep many of them off the Internet as far as trying to conduct email marketing is concerned. Besides, if people are going to get $500 for every unwanted email, why go to work anymore(!). Surely it’s not this much of a burden to delete emails or otherwise take steps not to receive most of them at all. The level of federally specified remedies appears to go too far and create a lot of potential for mischief. Email has always been a phenomenon operating on the principle that not everyone has to grant explicit permission in order to be contacted-which is arguably the essence of the Internet revolution. If that premise is going to be reversed, with penalties besides, it represents a fundamental change with plenty of opportunity for mischief.

Ironically could end up with lawyers specializing in offering to help individuals lay claim to the $500 remedies they are “entitled” to. Would these solicitations qualify as spam?

What Should Government Do?

The Federal Trade Commission already has power to “prosecute fraudulent or misleading commercial emails.”22 States likewise have powers to prosecute fraud. Otherwise, it’s better to let existing and emerging market tools address the spam problem because of harmful impacts of legislation on legitimate commercial emails, emerging Internet communications methods and free speech.

Government should not grant ISPs a top-down right to block, with immunity. While private efforts to block spam do not constitute state action, government-sanctioned blockage arguably crosses that line and violates free speech.

Granted, ISPs may be going overboard in some instances when blacklisting sites that spam or that offer software potentially usable for spamming. But at least blacklisters are subject to market pressures and discipline. In an ongoing case, New Zealand’s largest ISP (Xtra) is seeking to have itself removed from the Open Relay Behavioural Modification System blacklist as an accused source of spam. The operator of the list, however, says, “What [Xtra] doesn’t seem to understand is that the internet is a cooperative of privately owned networks…No one has the right to send e-mail anywhere. It is a privilege that is granted by the owners of those networks.”23 Email marketers should be held accountable to the contracts they make with ISPs.

The government can’t stop spam. In the final analysis, the market will have to do the heavy lifting. Regulation now is likely to simply harm legitimate commerce. In trying to make life difficult for unsolicited mail, it is all to easy to make it difficult for solicited mail, too.

Notes

1. Maureen Sirhal, “Experts Struggle to Gauge Impact of ‘Spam’,” National Journal’s Technology Daily, May 7, 2001, p. 4.

2. See http://www.antionline.com/features/jargon/spamblock.html

3. See, for example, David P. Hamilton, “You’ve Got Mail (You Don’t Want),” Wall Street Journal, April 23, 2001, p. R 21.

4. See http://www.uwasa.fi/~ts/info/spamfoil.html.

5. According to MailCircuit, “The way it works is simple: When you receive an unfamiliar message our Mail Verification Program checks to see if it is from a familiar address, if not it places the message on hold and sends a letter of introduction to the sender of the mail message asking them to reply in a unique way, if they reply as requested the senders message is allowed to pass through to your inbox and they are added to your list of Friends. If they do not reply to the message in a certain amount of user defined days then the message is deleted and the senders address is placed in your hostile list, thus not allowing that sender to send any email messages to your email account again.” http://www.mailcircuit.com/handshake.htm.

6. See, for example, Declan McCullagh, “Consuming Spam Mail,” Contributors’ Forum, The Library of Economics and Liberty, February 12, 2001.

7. Hamilton, p. R 21.

8. http://www.mailcircuit.com/cym.htm.

9. See, for example, http://www.digitrends.net/marketing/13640_12335.html

10. http://www.yesmail.com/learn/

11. Hamilton, p. R 21.

12. Noted in McCullagh, February 12, 2001.

13. Noted in James W. Butler III and Andrew Flake, “The Effective Control of Unsolicited Commercial Email,” U.S. Internet Industry Association, Internet Policy White Paper, p. 1.

14. Maureen Sirhal, “Anti-Spam Bills Debated at Hearing, In Letters,” National Journal’s Technology Daily, April 26, 2001.

15. “Statement of Congressman Bob Goodlatte, Senate Communications Subcommittee-Spamming Hearing,” April 26, 2001.

16. Noted in Adam S. Marlin, “Anti-Spam Bill Approved By Panel Over Industry Objections,” CQ Daily Monitor, March 29, 2001, p. 6.

17. Jeremiah S. Buckley (General Counsel, Electronic Financial Services Council), Testimony Before the Senate Commerce Subcommittee on Communications, April 26, 2001, p. 3.

18. See, for example, the February 17, 2001 letter from the U.S. Internet Industry Association to Rep. Heather Wilson.

19. James W. Butler III and Andrew Flake, “The Effective Control of Unsolicited Commercial Email,” U.S. Internet Industry Association, Internet Policy White Paper, p. 7.

20. See, for example, Declan McCullagh, “Use a Spam, Go to Prison,” Wired News, March 24, 2001.

21. See for example Jonathan D. Wallace, Nameless in Cyberspace: Anonymity on the Internet Cato Institute Briefing Paper, (December 8, 1999)

22. Noted in Sirhal, April 26, 2001.

23. Michael Foreman, “Xtra May Use Court to Get Off Blacklist,” The New Zealand Herald Online, Tuesday, May 1, 2001.
http://www.nzherald.co.nz/storyprint.cfm?storyID=184372.